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[57] ABSTRACT 

In an encrypted transmission system composed of one 
transmission apparatus 10 and twenty-eight reception appa- 
ratuses A1-G4 that are classified into seven groups A-G, 
two secret key exclusively selected out of a total of fourteen 
secret keys are distributed beforehand to each group. The 
transmission apparatus 10 encrypts the same message M 
using one of the two secret keys distributed to each group 
and sends each group a message M encrypted with one of the 
group's secret keys. The reception apparatuses each decrypt 
the received cryptogram separately using each of the secret 
keys assigned to the of group to which each reception 
apparatus belongs, judge whether either of the two decryp- 
tion results conforms to a predetermined rule, and specify 
the correct decryption result. 

3 Claims, 8 Drawing Sheets 
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Fig. 4 
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ENCRYPTED COMMUNICATION SYSTEM 

THAT LIMITS THE DAMAGE CAUSED 
WHEN A SECRET KEY HAS BEEN LEAKED 

BACKGROUND OF THE INVENTION 5 

1. Field of the Invention 

The present invention relates to a system that performs 
encrypted transfer of data such as digitized text, audio, 
video, or programs via a transfer medium or recording J0 
medium, and in particular relates to a technique for 
encrypted transfer from a single transmission apparatus to a 
plurality of reception apparatuses using a secret key. 

2. Description of the Related Art 

In recent years, secret key encrypted communication 15 
systems have been developed which encrypt data such as 
digitized text, audio, video, or programs using a secret key, 
before transferring the data using a transfer medium or 
recording the data onto a recording medium for later repro- 
duction. In such systems, both transmission apparatuses and 20 
reception apparatuses perform encryption and decryption 
using a predetermined secret key with which they are both 
provided. 

When both transmission apparatuses and reception appa- 
ratuses are provided with a plurality of secret keys, it is 25 
necessary to specify which secret key is to be used before 
communication is commenced. This is performed to ensure 
that the reception apparatus will be able to decrypt the 
cryptogram transmitted by the transmission apparatus. 

Conventional encrypted communication systems which 
are constructed so that one transmission apparatus supplies 
information to a plurality of reception apparatuses 
(hereinafter referred to as a "one-to-many" system) suffer 
from a major drawback in that when the secret key is leaked, 
it becomes necessary to set a new secret key in each 
reception apparatus, which requires the significant burden of 
changing the system construction itself. 

As one example, when a secret key used by one broadcast 
station and one hundred reception apparatuses that receive w 
programs transmitted by the broadcast station is leaked, it 
becomes necessary to change the secret key stored by the 
broadcast station and all one hundred reception apparatuses. 
This means that when the communication between one 
transmission apparatus and one reception apparatus is inter- 45 
cepted and the secret key decoded, this affects not just the 
two apparatuses involved in the intercepted communication, 
but every reception apparatus that is equipped with the same 
secret key. 
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In view of the stated problems, it is an object of the 
present invention to provide an encrypted communication 
system that makes it difficult for third parties to decode a 
secret-kcy-and.that.hmits.the.damage^causedjoJhc.system 55 
whcn;a<secrct key-is leaked. ,■ „ _____^_^J 

In order to achieve the stated object, the encrypted com- 
munication system of the present invention is a communi- 
cation system composed of one transmission apparatus and 
a plurality of reception a pparatuses that are classified. into^a 60 



I groups. In this system, the transmission apparatus selects 
one secret-keyjbr.each.group and uses the keys to encrypt 
a plaintext for each group, before transmitting the resulting 65 
cryptograms to the reproduction apparatuses in the respec- 
tive groups. Each of the reproduction apparatuses uses the 



secret keys that have been distributed to the group to which 
it belongs to decrypt the received cryptogram and by judging 
whether any of the decrypted results conform to a predeter- 
mined rule, specifies a correct decrypted result. 

With the stated construction, even if one of the secret keys 
is leaked or decoded, encrypted communication can be 
continued to the reproduction apparatuses in the groups 
which differ from the group with the leaked key. It is also 
possible to continue encrypted communication to the repro- 
duction apparatuses in the group with the leaked key by 
using a different secret key for encryption. Since the trans- 
mission apparatus is free to change the secret key used for 
encrypted communication to any of the groups, it is not 
necessary to use the same secret key every time communi- 
cation is performed to a given group, making it more difficult 
for a third party to decode the secret key. 

In this way, an encrypted communication system that 
makes it difficult for third parties to decode a secret key and 
that limits the damage caused to the system when a secret 
key is leaked or decoded. 

The transmission apparatus may append each cryptogram 
with another cryptogram showing the predetermined rule, 
and then transmit these to the reproduction apparatuses. 

With the stated construction, the judging criteria by which 
a reproduction apparatus can specify a correct decrypted 
result from the plurality of decryption results by the repro- 
duction apparatuses are encrypted by the transmission appa- 
ratus and sent to the reception apparatus, so that the infor- 
mation as to which secret key has been selected by the 
transmission apparatus is also kept concealed, making the 
encryption system highly secure. 

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other objects, advantages and features of the 
invention will become apparent from the following descrip- 
tion thereof taken in conjunction with the accompanying 
drawings which illustrate a specific embodiment of the 
invention. In the drawings: 

FIG. 1 shows the construction of the entire encrypted 
communication system or the first embodiment of the 
present invention and the basic principles of the encrypted 
communication; 

FIG. 2 is a block diagram showing the detailed construc- 
tion and connection of the transmission apparatus 100 and 
one reception apparatus 200 in the present encrypted com- 
munication system; 

FIG. 3 is a flowchart showing the operation of the 
transmission apparatus 100; 

FIG. 4 is a flowchart showing the operation of the 
reception apparatus Al; 

FIG. 5 shows the content written onto a recording medium 
when the communication medium of the encrypted commu- 
nication system of the present invention is a recording 
medium; 

FIG. 6 shows the construction of the entire encrypted 
communication system of the second embodiment of the 
present invention and the basic principles of the encrypted 
communication; 

FIG. 7 is a block diagram showing the construction of the 
encryption apparatus of the third embodiment of the present 
invention; and 

FIG. S shows the construction of the block data before 
encryption by the present encryption apparatus and the 
construction of the block data Edata after encryption by the 
present encryption apparatus. 
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DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

First Embodiment 

The following is a detailed description of the encrypted 
communication system of the first embodiment of the 
present invention, with reference to the drawings. The 
present encrypted communication system is able to suppress 
the damage caused when the secret key is leaked or decoded. 
Overview of the Encrypted Communication System 
FIG. 1 shows the system construction of the entire 
encrypted communication system of the first embodiment 
and the basic principles of the encrypted communication. As 
shown in FIG. 1, the present system is composed of one 
transmission apparatus 10 and twenty -eight reception appa- 
ratuses A1-C4 which receive transferred information that is 
one-directionally transferred from the transmission appara- 
tus 10. 

The twenty eight reception apparatuses A1-G4 each 
belong to one of seven groups A-G of four reception 
apparatuses. In more detail, the twenty-eight reception appa- 
ratuses Al G4 are arranged so that the four reception 
apparatuses A1-A4 (of which only two have been shown in 
FIG. 1) which belong to group A are connected via the bus 
line 14a, the four reception apparatuses B1-B4 (of which 
only two have been shown in FIG. 1) which belong to group 
B are connected via the bus line 146, . . . , and the four 
reception apparatuses G1-G4 (of which only two have been 
shown in FIG. 1) which belong to group G are connected via 
the bus line 14g. 

The transmission apparatus 10 is equipped with a message 
13 that is to be transmitted to all of the reception apparatuses 
A1-G4, fourteen different secret keys 11, and one encryp- 
tion module 12. The transmission apparatus 10 is separately 
connected to seven bus lines 14a to I4g which it uses to 
perform transmission to each group, which is to say, to 
collectively transmit to four reception apparatuses. 

The reception apparatuses A1-G4 are each composed of 
two secret keys 21a-2lg . . . 26a-26g and one decryption 
module 21a-llg . . . lla-llg corresponding to (which is to 
say, performing an inverse transformation to) the encryption 
module 12. 

The object of the present system is to have the single 
transmission apparatus 10 transmit the same message M to 
the twenty-eight reception apparatuses Al G4 by encrypted 
communication that uses secret keys. 

The following explanation will first focus on the relation 
between the fourteen secret keys 11 provided in the trans- 
mission apparatus and the two secret keys provided in each 

reception apparatus. ^ y 

^n^he^ re ^n t^ ystem^ is 

.exclusive l y fourteen 
sjcretMsysfu^ that group 

s\ is-assigned i secret.kcy Kainihtf Ka2, group B is assigned 
secret key Kbl and Kb2, . . . , and group G is assigned secret 
key Kgl and Kg2. These two secret keys assigned to each 
group are stored by each reception apparatus in the group. 
The transmission apparatus 10, meanwhile, stores the four- 
teen secret keys so as to correspond to the seven groups A-G 
to which they have been assigned. In short, the fourteen 
secret keys are distributed so that each reception apparatus 
has the same secret keys as other reception apparatuses in 
the same group, but different secret keys to reception appa- 
ratuses in other groups. 

The following is an explanation of the specific content of 
the cryptograms transferred from the transmission apparatus 
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10 to the twenty-eight reception apparatuses A1-G4. These 
cryptograms transferred from the transmission apparatus 10 
to the twenty-eight reception apparatuses A1-G4 are shown 
by the bus lines 14a to 14g in FIG. 1, with the notation 

5 W E(M,K)" showing a cryptogram obtained by subjecting the 
plaintext M to the encryption algorithm E using the encryp- 
tion key K- In the same way, the notation "D(C,K)" shows 
the decrypted text obtained by subjecting the cryptogram C 
to the decryption algorithm D using the decryption key K. 

10 As shown in FIG. 1, the transmission apparatus 10 
transmits either the cryptogram E(M,Kal) or the cryptogram 
E(MJCa2) to the four reception apparatuses A1-A4 which 
belong to group A via the bus line 14a (shown in FIG. 1 as 
"E(M^Cal)/E(M,Ka2)", either the cryptogram E(M,Kbl) or 

15 the cryptogram E(M,kb2) to the four reception apparatuses 
B1-B4 which belong to group B via the bus line 146 (shown 
in FIG. 1 as "E(M,Kbl)/E(M,Kb2y\ .... and either the 
cryptogram E(M,Kgl) or the. cryptogram E(M,Kg2) to the 
four reception apparatuses G1-G4 which belong to group G 

20 via the bus line I4g (shown in FIG. 1 as "E(M,Kgl)/E(M, 
Kg2)". In more detail, when transmitting to group A, the 
transmission apparatus 10 randomly selects one of the secret 
keys (Kal or Ka2) assigned to group A, has the encryption 
module 12 use the selected key to encrypt the message M, 

25 and collectively transmits the obtained cryptogram E(M, 
Kal) or E(M,Ka2) to the four reception apparatuses A1-A4 
in group A. In the same way, when transmitting to group B, 
the transmission apparatus 10 randomly selects one of the 
secret keys (Kbl or Kb2) assigned to group B, has the 

30 encryption module 12 use the selected key to encrypt the 
message M, and collectively transmits the obtained crypto- 
gram E(M,Kbl) or E(MJCb2) to the four reception appara- 
tuses B1-B4 in group B. By doing so, each group of 
reception apparatuses is sent a different cryptogram in order. 

35 The reception apparatuses A1-G4 each decrypt the 
received cryptogram using the two secret keys with which 
they are provided and, if at least one of the resulting sets of 
decrypted data has a reliable content, each confirm that the 
decrypted data is the message M transferred from the 

40 transmission apparatus 10 and that the secret key used to 
obtain that decrypted data is the same as s secret key used 
by the transmission apparatus 10. 
For the example of reception apparatus 20a, the received 

45 cryptogram is either E(M,Kal) or E(M,Ka2). The reception 
apparatus 20d decrypts the received cryptogram separately 
using secret key Kal and secret key Ka2, and then deter- 
mines whether at least one of the resulting two sets of 
decrypted data is reliable by judging whether the content of 

5Q the decrypted data conforms to a predetermined rule. The 
details of this "predetermined rule" are given later in this 
specification. 

As described above, the present encrypted communica- 
tion system has one message M secretly transmitted from 
ss one transmission apparatus 10 to twenty-eight reception 
apparatuses 20a, with the system having the two major 
characteristics described below. 

First, the present system has the advantage that if the 
secret keys distributed to one group are decoded by a third 
60 party, this will not affect the reception apparatuses in the 
other groups, so that there is no need to replace the secret 
keys in the other groups. 

Second, two secret keys are distributed to each group, so 
that the secret key which is actually used will be a random 
65 selection of one or these keys. Accordingly, even if one of 
the secret keys distributed to a group is decoded by a third 
party, communication to the reception apparatuses in the 
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same group can be continued without having to replace the rithm E2. The encryption module 106 reads the message M 

secret keys if the other secret key distributed to the group is stored in the message generation unit 106, encrypts it using 

used thereafter. the secret key Kal or Ka2 sent from the secret key selection 

Detailed Construction unit 104, and transfers the obtained cryptogram Ca)»E2(M, 

FIG. 2 is a block diagram showing the detailed construe- 5 Kal)/(E2(M,Ka2)) to the transmission unit 111. 

lion of the encrypted communication system shown in FIG. The encryption module 107 can be an integrated circuit 

1, focusing on the transmission apparatus 10 and one recep- (IC) that performs encryption based on a secret encryption 

tion apparatus 20a. algorithm £3. The encryption module 107 reads the message 

The transmission apparatus 100 corresponds to the trans- M storcd in the message generation unit 106, encrypts it 

mission apparatus 10 in FIG. 1, and is composed of a digital j 0 ^ messa g c itseIf » and transfers the obtained crypto- 

production 101, a secret key storage unit 103, a secret key gram (Cm(=E3(M,M)) to the transmission unit 112. 

selection unit 104, three encryption modules 102, 105, and The transmission units 110, HI, and 112 can each be 

107, a message generation unit 106, and three transmission composed of a parallel-to-series convenor and an amplifier, 

units 110-112. and are respectively used to transmit the cryptograms Cd, 

The transmission apparatus 100 has the final object of Ca > and Cm 10 tnc reception apparatus Al via the bus lines 

encrypting the stored digital production 101 and transferring 1 20 » m > and 122 • <t should be noted here that these three 

it to the reception apparatus Al. To do so, the transmission bus lines 120, 121, and 122 collectively correspond to the 

apparatus 100 transmits two kinds of cryptograms to the single bus line 14a shown in FIG. 1. 

reception apparatus Al, namely, the cryptogram Ca for The reproduction apparatus Al corresponds to the repro- 

secrelly informing the reception apparatus of the secret key duction apparatus 20a shown in FIG. 1 and is composed of 

that is used for encrypting the digital production and the 20 five decryption modules 201, 221, 222, 231, and 232, two 

cryptogram Cm for informing the reception apparatus of the secret key storage units 220 and 230, two judging units 223 

predetermined rule used as the standard for specifying this and ^ M ovcra11 judging unit 203, a secret key selection 

secret key, in addition to the encrypted digital production UIUt ^ 30(1 three reception units 210-212. 

qj The reproduction apparatus has a final object of decrypt- 

The digital production 101 can be realized by a hard disk 25 «8 ™ d "sing the encrypted digital production transmitted 

drive, and stores data, such as a digitized text, audio, video, ^ J* transmission apparatus 100. Here the secret key to be 

^ used in the decryption, which is to say the secret key which 

* & . „„„ , was used by the transmission apparatus 100, is specified 

The secret key storage unit 103 corresponds to the secret from lhe tWQ ^ of cryplogram Ca and Cm that are 

key in FIG. 1, and can be realized by a semiconductor 3Q transmitted together with the encrypted digital production 

memory which stores the fourteen secret keys so as to qj. 

correspond to the groups A-C to which they arc distributed. reccp ij on umts 210, 211, and 212 can each be 

Before any the three cryptograms described above are composed of a series-to-parallel convenor, and are respec- 

generated and transmitted, the secret key selection unit 104 tively used to receive the three kinds of cryptogram Cd, Ca, 

randomly selects one of the two secret keys that correspond 35 and Cm from the bus tines 120, 121, and 122. 

to the group to which a transmission destination reception The decryption module 201 can be composed of an IC for 

apparatus belongs, and reads the selected secret key from the performing decryption based on the secret decryption algo- 

secret key storage unit 103. The secret key selection unit 104 rithm Dl that is the inverse transformation of the encryption 

then informs the two encryption modules 102 and 105 of the algorithm El of the encryption module 102 in the transmis- 

read secret key. For the specific example of when the ^ sion apparatus 100. When given a secret key Kal or Ka2 by 

transmission destination is reception apparatus Al, the the secret key selection unit 202, the decryption module 201 

secret key selection unit 104 selects one out of secret key uses the secret key to decrypt the cryptogram Cd sent from 

Kal and secret key Ka2, reads it from the secret key storage the reception unit 210, and by doing so restores the block 

unit 103, and sends it to the encryption modules 102 and data "Data" of the original digital production. 

105. 4S It should be noted here that the decryption module 201 

The encryption module 102 can be an integrated circuit only repeats its decryption so long as the encrypted digital 

(IC) that performs encryption based on a secret encryption production Cd is being repeatedly sent from the transmission 

algorithm El. The encryption module 102 reads a one block apparatus 100. When it has not been given a secret key by 

unit of the digital data "Data" from the digital production the secret key selection unit 202, the decryption module 201 

101, encrypts the data using the secret key Kal and Ka2 sent 50 judges that the specifying of the secret key has failed and so 

from the secret key selection unit 104, and transfers the does not attempt to decrypt the encrypted digital production, 

obtained cryptogram Cd(-El(DataJCal)/El(Data,Ka2)) to The secret key storage unit 220, the decryption module 

the transmission unit 110. The encryption module 102 221, the decryption module 222, and the judging unit 223 

repeats this processing for all of the data in the digital form one subcircuit whose object is to judge whether the 

production 101. 55 secret key used by the transmission apparatus 100 is secret 

The message generation unit 106 corresponds to the key Kal. In the same way, the secret key storage unit 230, 

message 13 in FIG. 1, and can be realized by a random the decryption module 231, the decryption module 232, and 

number generator that generates a random number that is the judging unit 233 form one subcircuit whose object is to 

different for each transmission destination group and stores judge whether the secret key used by the transmission 

it as the message M. It should be noted that in the present 60 apparatus 100 is secret key Ka2. These two subcircuits are 

embodiment, the message M is dummy data that is used as identical in construction and function, with the only differ- 

the carrier for informing the reproduction apparatus Al of ence being in the secret key stored in the secret key storage 

the secret key used for the encryption of the digital produc- unit 220 and in the secret key storage unit 230. Accordingly, 

tion 101. Accordingly, the content of this message M is not only one of these subcircuits will be described, 

especially important. 65 The secret key storage unit 220 corresponds to the secret 

The encryption module 105 is an integrated circuit (IC) key 21a shown in FIG. 1, and can be composed of semi- 

that performs encryption based on a secret encryption algo- conductor memory that stores the secret key Kal. 
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The decryption module 221 can be composed of an IC for 
performing decryption based on the secret decryption algo- 
rithm D2 that is the inverse transformation of the encryption 
algorithm E2 of the encryption module 105 in the transmis- 
sion apparatus 100, and corresponds to the decryption mod- 
ule 22a shown in FIG. 1. This decryption module 221 
decrypts the cryptogram Ca sent from the transmission unit 
211 using the secret key Kal read from the secret key 
storage unit 220, and sends the obtained decrypted data 
Ml=D2(Ca,Kal) to the judging unit 223 and the decryption 
module 222. 

The decryption module 222 can be composed of an IC for 
performing decryption based on the secret decryption algo- 
rithm D3 that is the inverse transformation of the encryption 
algorithm E3 of the encryption module 107 in the transmis- 
sion apparatus 100. This decryption module 222 decrypts the 
cryptogram Cm sent from the reception unit 212 and sends 
the obtained decrypted data Mll-D3(Cm,Ml) to the judg- 
ing unit 223. 

The judging unit 223 can be composed of a comparator 
and a selector, and judges whether the decrypted data Ml 
sent from the decryption module 221 matches the decrypted 
data Mil sent from the decryption module 222. When the 
two sets of decrypted data match, the judging unit 223 sends 
the decrypted data Ml to the overall judging unit 203, or 
otherwise sends the data w 0" to the overall judging unit 203. 

Here, the case where the two sets of decrypted data match 
(Ml -Mil) corresponds to the case where the secret key 
selected by the transmission apparatus 100 is secret key Kal. 
The reasoning behind this is explained below. 

Suppose that the secret key selection unit 101 in the 
transmission apparatus 100 has selected secret key Kal. In 
such case, 



Ca-E2(M,Kal) 
Cm-E3(M,M) 



Equation (1) 
Equation (2) 
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As a result, the decrypted data Ml outputted by the 



100 to the secret key selection unit 202, or otherwise sends 
an indication that a decryption key cannot be identified to the 
secret key selection unit 202. 

More specifically, when the output of the judging unit 223 
is the decrypted data Ml and not the value "0", the overall 
judging unit 203 sends an indication "1", showing that secret 
key Kal is selected, to the secret key selection unit 202, 
regardless of the output of the judging unit 233. When the 
output of the judging unit 223 is "0" and the output of the 
judging unit 233 is the decrypted data M2 and not the value 
"0", the overall judging unit 203 sends an indication "2", 
showing that secret key Ka2 is selected, to the secret key 
selection unit 202. In all other cases, the overall judging unit 
203 sends the value "0" to the secret key selection unit 202 
showing that a decryption key could not be identified. 

The secret key selection unit 202 can be composed of a 
selector, and, depending on whether the output of the overall 
judging unit 203, is "0", "1", or "2", does not output a secret 
key to the decryption module 201, outputs the secret key 
Kal to the decryption module 201, or outputs the secret key 
Ka2 to the decryption module 201. This secret key selection 
unit 202 maintains its output while the blocks of the 
encrypted digital production Cd are being repeatedly trans- 
mitted from the transmission apparatus 100. 

The preceding description states that the judging unit 223 
(233) outputs "0" when the decrypted data Ml (M2) and the 
decrypted data Mil (M22) do not match, with the overall 
judging unit 203 processing the secret key Kal (Ka2) related 
to the unsuccessful match as not being the secret key 
selected by the transmission apparatus 100. This is possible 
due to the following characteristic exhibited by the encryp- 
tion (decryption) algorithm used by the present system. This 
characteristic is that decrypted text obtained when a cryp- 
togram is decrypted with a secret key which is not the proper 
decryption key will always differ from the original plaintext. 
Operation of the Encrypted Communication System 
The following is a description of the operation of the 
encrypted communication system whose construction is 
explained above. 

FIG. 3 is a flowchart for the operation of the transmission 



decryption module 221 of the reception apparatus Al can be 40 apparatus 100. This transmission apparatus 100 repeats the 
1..: t-._.....__ /, \ _i processing described below (steps S51 to S53) for the seven 

groups A-G (steps S50 to S54). It should be noted here that 



rearranged using the relation given in Equation (1) above. 
M1-D2 (ca, Kal) -D2 (E2(M, Kal), Kal) -M Equation (3) 



On the other hand, the decrypted data Mil outputted by 
the decryption module 22 of the reception apparatus Al can 
be rearranged using the relations given in Equations (2) and 
(3) above. 



45 



MU-D3 (Cm, Ml) -D3 (FJ(M,M), M) -M 

From Equations (3) and (4) above: 



Equation (4) 
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Ml-MU 



Equation (5) 



It should be noted here that the judging unit 233 in the 
other subcircuit similarly judges whether the decrypted data 
M2 sent from the decryption module 231 matches the 
decrypted data M22 sent from the decryption module 232. 
When the two sets of decrypted data match, the judging unit 
233 sends the decrypted data M2 to the overall judging unit 
203, or other wise sends the data "0" to the overall judging 
unit 203. 

The overall judging unit 203 can be composed of a logical 
OR circuit and a selector, and, based on the decrypted data 
outputted by the judging unit 223 and the judging unit 223, 
sends a specification of the secret key (either Kal or Ka2) 
which should be used for the decryption of the encrypted 
digital production Cd sent from the transmission apparatus 
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the symbols and equations given in steps S51 to S53 indicate 
the processing performed for group A, with only the pro- 
cessing for group A being explained below. 

First, the secret key selection unit 104 randomly selects 
one of the two secret keys Kal and Ka2 corresponding to 
group A and sends it to the encryption module 102 and the 
encryption module 105 (step S51). 

The encryption module 102 uses the secret key Kal/Ka2 
selected in step S51 to encrypt the block data "Data" of the 
digital production 101, thereby generating the cryptogram 
Cd. The encryption module 105 uses the same secret key 
Kal/Ka2 selected in step S51 to encrypt the message M 
generated by the message generation unit 106 to generate the 
cryptogram Ca. Meanwhile, the encryption module 107 
encrypts the message M using the message M itself as the 
secret key, thereby generating the cryptogram Cm (Step 
S52). Note that these three encryption processes are per- 
formed in parallel. 

The three transmission units 110, 111, and 112 then 
collectively transmit the three cryptograms Cd, Ca, and Cm 
generated in Step S52 to the four reception apparatuses 
A1-A4 belonging to group A via the bus lines 120, 121, and 
122. 

On completing the transmission to group A, the transmis- 
sion apparatus 100 performs the same transmission process- 
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ing for group B, and then for the other remaining groups 
C-G (Steps S50-S54). 

FIG. 4 is a flowchart showing the operation of the 
reception apparatus Al. It should be noted here that the 
operation of the other reception apparatuses A2-G4 is 
fundamentally the same as that shown in this figure. 

First, the reception units 210, 211, and 212 receive the 
three cryptograms Cd, Ca, and Cm transmitted from the 
transmission apparatus 100 via the three bus lines 120, 121, 
and 122, and send the received cryptograms to the decryp- 
tion module 201, the decryption module 221, the decryption 
module 231 (Step S60). 

In the first decrypting stage, the decryption module 221 
decrypts the cryptogram Ca sent from the reception unit 211 
using the secret key Kal read from the secret key storage 
unit 220 to generate the decrypted data Ml, at the same time 
as the decryption module 231 decrypts the cryptogram Ca 
sent from the reception unit 211 using the secret key Ka2 
read from the secret key storage unit 230 to generate the 
decrypted data M2 (Step S61). 

In the second decrypting stage, the decryption module 
222 decrypts the cryptogram Cm received from the recep- 
tion unit 212 using the decrypted data Ml generated by the 
decryption module 221 as the decryption key to generate the 
decrypted data Mil, while in parallel the decryption module 

232 decrypts the cryptogram Cm received from the recep- 
tion unit 212 using the decrypted data M2 generated by the 
decryption module 222 as the decryption key to generate the 
decrypted data M22 (Step S62). 

The judging unit 223 judges whether the decrypted data 
Ml generated by the decryption module 222 matches the 
decrypted data Mil generated by the decryption module 223 
and, when the data matches, outputs the decrypted data Ml 
to the overall judging unit 203, or otherwise outputs "0" to 
the overall judging unit 203. Concurrently, the judging unit 

233 judges whether the decrypted data M2 generated by the 
decryption module 231 matches the decrypted data M22 
generated by the decryption module 232 and, when the data 
matches, outputs the decrypted data M2 to the overall 
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lion module 201 does not decrypt the cryptogram Cd sent 
from the reception unit 210 (Step S66). 

As described above, the present invention has two out of 
a total of fourteen secret keys exclusively distributed to each 
of the seven groups, with the transmission apparatus 100 
using one of the secret keys for each group to perform 
encryption, meaning that the digital production 101 and the 
message M can be secretly transmitted to each of the 
twenty-eight reception apparatuses A1-G4. 

With the above arrangement, even if an unauthorized third 
party repeatedly intercepts the bus line 14a and decodes one 
of the secret keys Kal, communication may be continued to 
the other reception apparatuses in groups B-G which use 
completely different secret keys. The transmission apparatus 
10 is also able to use the secret key Ka2 instead of the 
decoded secret key Kal for transmitting to group A, so that 
the communication to the reception apparatuses in group A 
may also be continued. 

Pulling this into other words, even if one of the secret keys 
is leaked or decoded, there is no need to update the secret 
keys stored by the transmission apparatus and all of the 
reception apparatuses, or to distribute new secret keys to all 
of the reception apparatuses. As a result, secret communi- 
cation can be continued without modification of the system. 

The encrypted communication system of the present 
invention has been described using the embodiment given 
above, although it should be obvious that the scope of the 
present invention is not limited to this embodiment. Several 
possible modifications have been listed below. 
(1) The present embodiment describes the case where the 
encrypted communication system is a star network where 
one transmission apparatus transmits different cryptograms 
to each reception apparatus, although the present invention 
need not be this kind of network. It is equally possible for 
the invention to be realized by a bus network where one 
transmission apparatus and a plurality of reception appara- 
tuses are attached to one coaxial cable, with the single 
transmission apparatus collectively supplying a set of cryp- 
tograms to all of the reception apparatuses. 



judging unit 203, or otherwise outputs "0" to the overall 40 (2) The communication medium in the encrypted commu- 



judging unit 203 (Steps S63, S64). 

On receiving an indication of a match (the decrypted data 
Ml) from the judging unit 223, the overall judging unit 203 
gives this indication priority over any indication from the 
judging unit 233 and so gives an indication "1" to the secret 
key selection unit 202 indicating a selection of the secret key 
Kal. As a result, the decryption module 201 uses the secret 
key Kal sent from the secret key selection unit 202 to 
decrypt the cryptogram Cd sent from the transmission unit 



nication system of the present embodiment was described as 
a collection of bus lines 14a-14& although a recording 
medium such as a CD-ROM may be used. 

FIG. 5 shows the content of the CD-ROM 250 which is 
45 written by a transmission apparatus when the communica- 
tion medium of the encrypted communication system of the 
present invention is a CD-ROM 250. 

This system can be arranged so that a transmission 
apparatus (CD-ROM writer) records three cryptograms 



210 into the original "Data" of the digital production (Step 50 Cd258, Ca259, and Cm260 for each of the seven groups or 



S65). 

On the other hand, when the overall judging unit 203 has 
received an indication "0" from the judging unit "0" show- 
ing that there has not been a match, the overall judging unit 
203 judges the content of the indication sent from the 
judging unit 233 and, on finding that the indication is for a 
match (the decrypted data M2), the overall judging unit 203 
gives an indication "2" to the secret key selection unit 202, 
indicating a selection of the secret key Ka2. As a result, the 



reception apparatuses at each of the seven recording position 
251-257 that correspond to the respective groups. On the 
other hand, the reception apparatuses (CD-ROM drives) 
each read the three cryptograms Cd258, Ca259, and Cm260 
55 recorded at the recording position that corresponds to the 
group to which the reception apparatus belongs, and 
decrypts the digital production "Data". 
(3) In the present embodiment, three different encryption 
algorithms were used, although a same encryption algorithm 



decryption module 201 uses the secret key Ka2 sent from the 60 may be used. It is also possible to achieve the plurality of 



secret key selection unit 202 to decrypt the cryptogram Cd 
sent from the transmission unit 210 into the original "Data" 
or the digital production (Step S66). 

When both the judging unit 223 and the judging unit 233 
send indications "0" showing that there has not been a 
match, the overall judging unit 203 gives an indication "0" 
to the secret key selection unit 202. As a result, the decryp- 



65 



secret key storage units and the plurality of encryption/ 
decryption modules with a circuit that is provided on one 
semiconductor IC. 

(4) la the present embodiment, the secret key selection unit 
104 was described as selecting the secret key al random, 
although other selection methods are also possible, so that 
the secret key may be selected in accordance with prede- 
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termined priority rankings. In such case, the system can be 
made to select a different secret key when a first secret key 
has been decoded. 

(5) In the present embodiment, two secret keys are distrib- 
uted to each group and encryption is performed by selecting 
and using one of these secret keys, although a different 
number of keys may be distributed. As one example, the 
transmission apparatus 100 may generate a cryptogram 
using a secret key that is a combination (found, for example, 
by taking a logical XOR for each bit position) of three secret 
keys selected out of four secret keys that are distributed to 
each group. The reception apparatuses then decrypt the 
cryptogram using a variety or decryption keys obtained by 
taking a logical XOR for each bit position of every combi- 
nation of three secret keys selected out of the four secret 
keys, and perform the same judgement as the present 
embodiment for each of the decryption results. Here, if the 
decrypted data Mn and Mnn match for at least one combi- 
nation of decryption keys, the reception apparatus may 
judge that the matching combination of decryption keys is 
the combination selected by the transmission apparatus 100. 

(6) In present embodiment, groups made up of two or more 
reception apparatuses were described, although each group 
may only include one reception apparatus. In such case, each 
reception apparatus may be provided with two or more 
secret keys, and the transmission apparatus may transmit 
cryptograms to reception apparatuses that have been gener- 
ated using different secret keys for each reception apparatus. 

Second Embodiment 

The following is a description of the encrypted commu- 
nication system of the second embodiment of the present 
invention, with reference to the drawings. The present 
encrypted communication system is characterized by per- 
forming a three-stage encryption process. 

Construction of the Encrypted Communication System 
FIG. 6 shows the entire construction of the encrypted 
communication system and the fundamental principles of 
the encrypted communication in the second embodiment. As 
shown in the drawing, the present system is an encrypted 



10 



15 



20 



25 



30 



35 



apparatus 300. The reproduction apparatus 320 includes a 
master key storage unit 321 for storing the same master key 
Km as the master key storage unit 301 in the recording 
apparatus 300, and three decryption modules 322-324. 

The three decryption modules 322-324 decrypt the 
encrypted medium key 311, the encrypted title key 312, and 
the encrypted digital production 313 read from the DVD 310 
based on the secret decryption algorithm Dl, D2, and D3 
which are the inverse transformations of the encryption 
algorithms El, E2, and E3 provided in the recording appa- 
ratus 300. 

Operation of the Encrypted Communication System 

The following is an explanation of the operation of the 
encrypted communication system described above, with 
reference to FIG. 6. 

The recording apparatus 300 performs encryption in the 
three stages described below. The encryption module 305 
generates the encrypted medium key El(Kd,Km) 311 by 
encrypting the medium key Kd generated by the medium 
key generation unit 302 using the master key Km read from 
the master key storage unit 301 as the encryption key. The 
encryption module 306 generates the encrypted title key E2 
(Kt,Kd) 312 by encrypting the title key Kt generated by the 
title key generation unit 303 using the medium key Kd as the 
encryption key. Finally, the encryption module 307 gener- 
ates the encrypted digital production E3 (Data.Kl) 313 by 
encrypting the digital production "Data" 304 using the title 
key Kt as the encryption key. 

The generated encrypted medium key El(Kd, Km) 311, 
the encrypted title key E2 (Kt^Kd) 312, and the encrypted 
digital production E3 (Data.Kt) 313 are recorded onto the 
DVD 310 at predetermined locations by the recording 
apparatus 300. 

The reproduction apparatus 320, on the other hand, per- 
forms decryption in the three stages described below. 

After the encrypted medium key El(Kd,Km) 311, the 
encrypted title key E2 (Kt ,Kd) 312, and the encrypted digital 
production E3 (Data.Ki) 313 have been read from the DVD 
310 by the reproduction apparatus 320, the decryption 



communication system that aims to protect the copyright of 40 module 322 first decrypts the encrypted medium key El(Kd, 



a digital production using a three-stage encryption process, 
and is composed of a recording apparatus 300 and a repro- 
duction apparatus 320 for a DVD (Digital Video Disc) 310. 

The recording apparatus 300 is an apparatus for recording 
digital data onto the DVD 310, and is composed of a master 
key storage unit 301, a medium key generation unit 302, a 
title key generation unit 303, three kinds of encryption 
module 305-307, and a digital production 304 which stores 
digital data, such as text, images, and audio. 

The master key storage unit 301 stores a master key Km 
that is a secret key commonly owned by authorized 
(permitted to perform reproduction) reproduction appara- 
tuses 320. The medium key generation unit 302 generates a 
medium key Kd that is a secret key for distinguishing each 
DVD 310. The title key generation unit 303, meanwhile, 
generates a title key Kt that is a secret key assigned to one 
title (for example, a movie) out of the digital production 304 
recorded on the DVD 310. 

The three encryption modules 305-307 respectively 
encrypt the medium key Kd, the title key Kt, and the digital 
production "Data" using three different encryption algo- 
rithms El, E2, and E3, and by doing so generates the 
encrypted medium key 311, the encrypted title key 312, and 
the encrypted digital production 313. 

The reproduction apparatus 320 is an authorized appara- 
tus which reads and decodes the encrypted digital produc- 
tion 313 from the DVD 310 recorded by the recording 



Km) 311 using the master key Km read from the master key 
storage unit 321 as the decryption key to generate the 
medium key Kd. This is shown by Equation 6 below. 



45 



Kd-Dl (El(Kd,Km),Km) 



Equation (6) 



50 



Following this, the decryption module 323 decrypts the 
encrypted title key E2 (Kt,Kd) 312 using the medium key 
Kd generated by the decryption module 322 to generate title 
key Kt. This is shown by Equation 7 below. 



Kt-D2 (E2(Ki T Kd),Kd) 



Equation (7) 



Finally, the decryption module 324 decrypts the encrypted 
digital production E3 (DataJCt) 313 using the title key Kt 
generated by the decryption module 323 as the decryption 
key to generate the digital production "Data". This is shown 
by Equation 8 below. 



Data-D3 (E3(Dnta, Ki),Kt) 



Equation (8) 
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When the master key Km provided in the reproduction 
apparatus 320 does not match the master key Km provided 
in the recording apparatus 300, the key generated by the 
decryption module 322 will not match the title key generated 
by the title key generation unit 303 in the recording appa- 
ratus 300. As a result, even if the decryption in the following 
two stages is performed, the data output ted from the decryp- 
tion module 324 will not match the original digital produc- 
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lion "Data" 304. This is to say, only reproduction appara- 
tuses 304 which are provided with the same master key Km 
as the recording apparatus 300 will be able to restore the 
digital production 304 to its original state. 

As described above, the present encrypted communica- 
tion system encrypts the digital production 304 and records 
it onto the DVD 310, with the decryption and reproduction 
of the encrypted digital production 313 only being possible 
by reproduction apparatuses 320 that possess the master key 
Km. A medium key Kd that is unique to each DVD 310 and 
a title key Kt that is unique to each title are also encrypted 
and recorded onto the DVD 310, so that only by successfiilly 
decrypting these in order will the reproduction apparatus 
320 be able to successfully decode the digital production 
"Data" for a specified title. 

As a result, in addition to preventing leaks of the encryp- 
tion key and dead copying which are possible when all of the 
encryption keys are provided on the recording medium, the 
present invention uses a master key that is only distributed 
to manufacturers or authorized apparatuses, thereby facili- 
tating the distinction between authorized reproduction appa- 
ratuses that can reproduce contents and non-authorized 
apparatuses that cannot. 

Third Embodiment 

FIG. 7 is a block diagram showing the construction of the 
encryption apparatus 400 in the third embodiment of the 
present invention. This encryption apparatus 400 is an 
apparatus for encrypting and transmitting a digital produc- 
tion 402 and is composed of a title key storage unit 401, a 
digital production 402, and amendment unit 403, a separat- 
ing unit 404, an encryption module 405, and a combining 
unit 406. 

The title key generation unit 401, the digital production 
402, and the encryption module 405 are the same the title 
key generation unit 303, the digital production 304, and the 
encryption module 307 in the second embodiment and so 
will not be described. 

The separating unit 404 can be composed of a latch 
circuit, and separates data to be encrypted (separated data 2) 
and the data not to be encrypted (separated data 1) from the 
block data "Data" extracted from the digital production 402. 
The separating unit 404 sends the separated data 1 to the 
amendment unit 403 and to the combining unit 406, and the 
separated data 2 to the encryption module 405. 

The amendment unit 403 can be composed of a logical 
XOR circuit, and is used to calculate a logical XOR for each 
bit position in the title key Kt generated by the title key 
generation unit 401 and the separated data 1 sent from the 
separating unit 404. The amendment unit 403 then sends the 
obtained result to the encryption module 405 as the amended 
title key Kp shown by Equation (9) below. 



Kp-Lt(+)Datal 



E(Data2,Kp)-E(Data2, Ki(+)Datal) 
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Equation (9) 



where the symbol (+) is an operator representing a logical 
XOR operation. 

The encryption module 405 encrypts separated data 2 sent 
from the separating unit 404 using the amended title key Kp 
sent from the amendment unit 403 as the encryption key, and 
sends the obtained cryptogram E(Data2,Kp) to the combin- 
ing unit 406. This cryptogram E(Data2 JCp) can be expressed 
by Equation 10 below, substituting Equation 9 above. 



Equation (10) 



The combining unit 406 can be composed of a latch 
circuit, and, by combining the separated data 1 sent from the 
separating unit 404 and the cryptogram E (Data2,Kp) sent 
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from the encryption module 405, outputs the encrypted 
block data "Edata" corresponding to the original block data 
"Data". 

FIG. 8 shows the construction of the block data "Data" 
before encryption and of the encrypted block data "Edata". 
As shown by FIG. 8, the separated data 1 is not changed, 
while the separated data 2 is encrypted using the title key Kp 
which has been amended by the separated data 1. 

As described above, the present encryption apparatus 400 
does not directly use a secret key as an encryption key, but 
instead amends the secret key and then uses it as the 
encryption key. This amendment is performed using a part of 
the digital production which is to be encrypted. 

With the present encryption apparatus 400, the encryption 
key that is finally used in the encryption is determined based 
on the content (data to be communicated), so that it will be 
difficult for unauthorized third parties to work out the secret 
key. Here, it is also possible to avoid the worst possible 
scenario where a leak of the secret key enables the decrypt- 
ing of all other contents. 

Although the present invention has been fully described 
by way of examples with reference to accompanying 
drawings, it is to be noted that various changes and modi- 
fication will be apparent to those skilled in the art. Therefore, 
unless such changes and modifications depart from the scope 
of the present invention, they should be construed as being 
included therein. 

What is claimed is: 

1. An encrypted communication system composed of n 
reception apparatuses and a single transmission apparatus 
for transferring digital information to the n reception 
apparatuses, wherein the n reception apparatuses are clas- 
sified into m groups, and k secret keys selected from a total 
of m*k secret keys are exclusively distributed to each group, 
the transmission apparatus comprising: 
secret key storage means for storing the m*k secret 
keys associated with the groups to which the secret 
keys are distributed; 
secret key selecting means for selecting one secret key 
for each group out of the k secret keys which are 
stored in the secret key storage means corresponding 
to each group; 
first encrypting means for encrypting a plaintext using 
each of the m secret keys read by the secret key 
selecting means to produce m type 1 cryptograms; 
second encrypting means for generating a type 2 cryp- 
togram that helps identify the m secret keys used by 
the first encrypting means; and 
transfer means for transferring m pairs that each 
include 

(1) one of the type 1 cryptograms, and 

(2) the type 2 cryptogram 
to the n reception apparatuses, 

each pair of one type 1 cryptogram and the type 2 
cryptogram being transferred to every reception appa- 
ratus to which the secret key used to generate the type 
1 cryptogram has been distributed, 
and each of the n reception apparatuses comprising: 
secret key storage means for storing k secret keys that 
have been distributed to the group to which the 
reception apparatus belongs; 
reception means for receiving a pair of a type 1 
cryptogram and a type 2 cryptogram for the trans- 
mission apparatus; 
first decrypting means for decrypting the received type 
1 cryptogram using each of the k secret keys in the 
secret key storage means separately to generate k 
type 1 decrypted texts; and 
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judging means for judging whether any of the k type 1 
decrypted texts generated by the first decrypting 
means has predetermined relation with the type 2 
cryptogram and, on judging that at last one type 1 
decrypted text has the predetermined relation, con- 5 
firming that the secret key used to generate the type 
1 decrypted text that has the predetermined relation 
is identical to the secret key that was used to generate 
the type 1 cryptogram, 
wherein the type 2 cryptogram has a content that is 10 
unrelated to the m secret keys used by the first encrypt- 
ing means, 

wherein the second encrypting means generates the type 
2 cryptogram by encrypting the plaintext, 

wherein the judging means includes a second decrypting 
means for generating a type 2 decrypted text, judges 
whether any of the k type 1 decrypted texts matches the 
generated type 2 decrypted text, and when at least one 
of the k type 1 decrypted texts matches the type 2 2Q 
decrypted text, confirms that the secret key used to 
generate the matching type 1 decrypted text is identical 
to the secret key that was used to generate the type 1 
cryptogram, and 

wherein the second encrypting means encrypts the plain- 25 
text using the plaintext as an encryption key, and the 
second decrypting means decrypts the type 2 crypto- 
gram separately using each of the type 1 decrypted tests 
as a decryption key. 

2. A transmission apparatus for transferring digital in for- 30 
mation to n reception apparatuses, wherein the n reception 
apparatuses are classified into m groups, and k secret keys 
selected from a total of m*k secret keys are exclusively 
distributed to each group, comprising: 

secret key storage means for storing the m*k secret keys 35 
associated with the groups to which the secret keys are 
distributed; 

secret key selecting means for selecting one secret key for 
each group out of the k secret keys which are stored in 
the secret key storage means corresponding to each 40 
group; 

first encrypting means for encrypting a plaintext using 
each of the m secret keys read by the secret key 
selecting means to produce m type 1 cryptograms; 

second encrypting means for generating a type 2 crypto- 
gram that helps identify the m secret keys used by the 
first encrypting means; and 

transfer means for transferring m pairs that each include 

(1) one of the type 1 cryptograms, and 50 

(2) the type 2 cryptogram 
to the n reception apparatuses, 

each pair of one type 1 cryptogram and the type 2 
cryptogram being transferred to every reception appa- 



16 

rams to which the secret key used to generate the type 

1 cryptogram has been distributed, 

wherein the type 2 cryptogram has a content that is 
unrelated to the m secret keys used by the first encrypt- 
ing means, 

wherein the second encrypting means generates the type 

2 cryptogram by encrypting the plaintext, and 
wherein the second encrypting means encrypts the plain- 
text using the plaintext as an encryption key. 

3. A reception apparatus for receiving digital information 
transferred from one transmission apparatus, comprising: 

secret key storage means for storing k secret keys that 
have been distributed to the reception apparatus before- 
hand; 

reception means for receiving a pair of a type 1 crypto- 
gram and a type 2 cryptogram for the transmission 
apparatus; 

first decrypting means for decrypting the received type 1 
cryptogram using each of the k secret keys in the secret 
key storage means separately to generate k type 1 
decrypted texts; and 

judging means for judging whether any of the k type 1 
decrypted texts generated by the first decrypting means 
has a predetermined relation with the type 2 crypto- 
gram and, on judging that at least one type 1 decrypted 
text has the predetermined relation, confirming that the 
secret key used to generate the type 1 decrypted text 
that has the predetermined relation is identical to a 
secret key that was used to generate the type 1 
cryptogram, 

wherein the type 2 cryptogram has a content that is 

unrelated to the k secret keys, 
wherein the type 2 cryptogram is generated by encrypting 

a plaintext which was encrypted into the type 1 

cryptogram, 

wherein the judging means includes a second decrypting 
means for generating a type 2 decrypted text, judges 
whether any of the k type 1 decrypted texts matches the 
generated type 2 decrypted text, and when at least one 
of the k type 1 decrypted texts matches the type 2 
decrypted text, confirms that the secret key used to 
generate the matching type 1 decrypted text is identical 
to the secret key that was used to generate the type 1 
cryptogram, and 

wherein the plaintext is encrypted using the plaintext as 
an encryption key, and the second decrypting means 
decrypts the type 2 cryptogram separately using each of 
the type 1 decrypted texts as a decryption key. 
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